AWS::PaymentCryptography::Key KeyAttributes - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::PaymentCryptography::Key KeyAttributes

The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "KeyAlgorithm" : String,
  "KeyClass" : String,
  "KeyModesOfUse" : KeyModesOfUse,
  "KeyUsage" : String
}

Properties

KeyAlgorithm

The key algorithm to be use during creation of an Amazon Payment Cryptography key.

For symmetric keys, Amazon Payment Cryptography supports AES and TDES algorithms. For asymmetric keys, Amazon Payment Cryptography supports RSA and ECC_NIST algorithms.

Required: Yes

Type: String

Allowed values: TDES_2KEY | TDES_3KEY | AES_128 | AES_192 | AES_256 | RSA_2048 | RSA_3072 | RSA_4096

Update requires: No interruption

KeyClass

The type of Amazon Payment Cryptography key to create, which determines the classification of the cryptographic method and whether Amazon Payment Cryptography key contains a symmetric key or an asymmetric key pair.

Required: Yes

Type: String

Allowed values: SYMMETRIC_KEY | ASYMMETRIC_KEY_PAIR | PRIVATE_KEY | PUBLIC_KEY

Update requires: No interruption

KeyModesOfUse

The list of cryptographic operations that you can perform using the key.

Required: Yes

Type: KeyModesOfUse

Update requires: No interruption

KeyUsage

The cryptographic usage of an Amazon Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.

Required: Yes

Type: String

Allowed values: TR31_B0_BASE_DERIVATION_KEY | TR31_C0_CARD_VERIFICATION_KEY | TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY | TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION | TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS | TR31_E1_EMV_MKEY_CONFIDENTIALITY | TR31_E2_EMV_MKEY_INTEGRITY | TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS | TR31_E5_EMV_MKEY_CARD_PERSONALIZATION | TR31_E6_EMV_MKEY_OTHER | TR31_K0_KEY_ENCRYPTION_KEY | TR31_K1_KEY_BLOCK_PROTECTION_KEY | TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT | TR31_M3_ISO_9797_3_MAC_KEY | TR31_M1_ISO_9797_1_MAC_KEY | TR31_M6_ISO_9797_5_CMAC_KEY | TR31_M7_HMAC_KEY | TR31_P0_PIN_ENCRYPTION_KEY | TR31_P1_PIN_GENERATION_KEY | TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE | TR31_V1_IBM3624_PIN_VERIFICATION_KEY | TR31_V2_VISA_PIN_VERIFICATION_KEY | TR31_K2_TR34_ASYMMETRIC_KEY

Update requires: No interruption